Our experienced team views data breach response as a joint effort in partnership with the client where the client’s philosophy, brand and customer base are considered integral in reconciling compliance with the numerous, and often competing, laws and regulations. [...]
TD BANK ANNOUNCES DATA BREACH
TD Bank recently began notifying approximately 260,000 customers in numerous states from Maine to Florida that their personal information had been lost. A TD Bank spokesman confirmed to the Associated Press that unencrypted back-up data tapes were misplaced in transport earlier this year. The tapes contained personal information that included account information and social security … Continue reading
MEDAL OF HONOR RECIPIENTS BECOME VICTIMS OF AN ON LINE DATA BREACH
The Social Security numbers of 31 Army Medal of Honor recipients were accidentally posted on line by a Pentagon employee. The Los Angeles Times reported last week that the personal information was removed from the internet after the breach was discovered by a well known military historian. The Social Security numbers appear to have … Continue reading
NEW CONNECTICUT DATA BREACH IS A PERFECT EXAMPLE OF DATA SECURITY FAILURES
The Connecticut Attorney General just announced that personal health information and protected health information for over 9,000 Hartford Hospital patients was lost in June. http://www.ct.gov/ag/cwp/view.asp?Q=508726&A=2341. A laptop carried by an EMC subsidiary employee was reportedly stolen. The State AG announced that the unencrypted information on the laptop contained names, addresses, dates of birth, social security … Continue reading
Vermont Adds New Wrinkles to Data Breach Notification Law
Vermont has made some interesting amendments [.pdf at Sec. 4, p. 9] to its Security Breach Notice Act. The changes, trumpeted in a recent press release as part of various consumer protection measures, were signed into law on May 8, 2012 to be effective immediately. The most significant aspects of the revisions are: Consumer notification of a breach must be … Continue reading
Cyber Warfare and Collateral Damage: “Flame” Malware Heats Up Data Security Threat
Cyber Security experts have discovered new malware that is unique in its sophistication and frightening in its capabilities. The malware, known as “Flame”, was found during an investigation by Russia-based Kaspersky Lab, and may have been running undetected for more than two years. Flame has set off alarm bells due to its complexity and because it appears to be part of … Continue reading
Credit Card Transactions: A Data Breach Waiting to Happen
Last week, Global Payments, Inc., an electronic transactions processor for, among others, VISA and MasterCard, reported a large data breach. According to Global Payments, intruders obtained ”track 2″ credit card data on 1.5 million cardholders. Track 2 refers to a portion of the data contained on the credit card’s magnetic stripe [pdf]. Track 2 data includes card numbers and expiration dates. Track 1 data, which was not … Continue reading
If the Shoe Fits . . . File a Class Action? Zappos Data Breach Leads to Quick Lawsuit.
Less than 24 hours after the Zappos data breach was announced, a class action lawsuit was filed against Amazon.com (Zappos is owned by Amazon). The Complaint [pdf] purports to be asserted on behalf of a putative class of 24 million customers whose information was exposed in the Zappos hacking incident. While 24 million individuals, not to mention the name recognition and … Continue reading
ZAPPOS HIT BY MASSIVE DATA BREACH
Zappos, an Amazon-owned online shoe and apparel outlet retailer, announced today that hackers accessed the personal information of potentially 24 million of its customers. The personal information included names, addresses, phone numbers and email addresses. Scrambled passwords and the last four digits of customers’ credit cards were also exposed. Zappos stated that the hackers gained … Continue reading
Did the First Circuit Open a Pandora’s Box in Data Breach Litigation?
Plaintiffs’ attorneys are now likely to rely on the First Circuit’s opinion in Anderson v. Hannaford Bros. Co., (1st Cir. Oct. 20, 2011) [.pdf], when asserting claims in the wake of a data breach. The Hannaford matter arose in December 2007, when hackers stole millions of credit and debit card numbers from Hannaford Brothers, a large grocery chain. In a span of 3 months, … Continue reading
Canadian Bill Seeks Mandatory Data Breach Notification
Mandatory data breach notification may soon become federal law in Canada. The Canadian Parliament is currently reviewing Bill C-12, a proposed update to Canada’s existing privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA currently does not contain any breach notification provisions. The proposed update would require entities to notify both affected … Continue reading